CWE弱点浏览

Common Weakness Enumeration（通用弱点枚举）- 软件和硬件安全弱点的社区开发列表

总弱点数

969

分类数

410

视图数

56

列表视图树型视图

CWE弱点列表共 969 条

CWE ID	名称	抽象级别	状态	操作
CWE-628	Function Call with Incorrectly Specified Arguments	Base	Draft	查看详情
CWE-636	Not Failing Securely ('Failing Open')	Class	Draft	查看详情
CWE-637	Unnecessary Complexity in Protection Mechanism (Not Using 'Economy of Mechanism')	Class	Draft	查看详情
CWE-638	Not Using Complete Mediation	Class	Draft	查看详情
CWE-639	Authorization Bypass Through User-Controlled Key	Base	Incomplete	查看详情
CWE-640	Weak Password Recovery Mechanism for Forgotten Password	Base	Incomplete	查看详情
CWE-641	Improper Restriction of Names for Files and Other Resources	Base	Incomplete	查看详情
CWE-642	External Control of Critical State Data	Class	Draft	查看详情
CWE-643	Improper Neutralization of Data within XPath Expressions ('XPath Injection')	Base	Incomplete	查看详情
CWE-644	Improper Neutralization of HTTP Headers for Scripting Syntax	Variant	Incomplete	查看详情
CWE-645	Overly Restrictive Account Lockout Mechanism	Base	Incomplete	查看详情
CWE-646	Reliance on File Name or Extension of Externally-Supplied File	Variant	Incomplete	查看详情
CWE-647	Use of Non-Canonical URL Paths for Authorization Decisions	Variant	Incomplete	查看详情
CWE-648	Incorrect Use of Privileged APIs	Base	Incomplete	查看详情
CWE-649	Reliance on Obfuscation or Encryption of Security-Relevant Inputs without Integrity Checking	Base	Incomplete	查看详情
CWE-650	Trusting HTTP Permission Methods on the Server Side	Variant	Incomplete	查看详情
CWE-651	Exposure of WSDL File Containing Sensitive Information	Variant	Incomplete	查看详情
CWE-652	Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')	Base	Incomplete	查看详情
CWE-653	Improper Isolation or Compartmentalization	Class	Draft	查看详情
CWE-654	Reliance on a Single Factor in a Security Decision	Base	Draft	查看详情